Add more security actions logs

lib/api/controllers/admin.js

@@ -172,8 +172,8 @@ class AdminController extends NativeController {
 
   loadSecurities (request) {
     const securities = this.getBody(request);
-
-    const promise = this.kuzzle.janitor.loadSecurities(securities);
+    const user = this.getUser(request);
+    const promise = this.kuzzle.janitor.loadSecurities(securities, { user });
 
     return this._waitForAction(request, promise, { acknowledge: true });
   }

lib/api/controllers/base.js

@@ -618,6 +618,21 @@ class NativeController extends BaseController {
     return null;
   }
 
+  /**
+   * Returns the current user
+   *
+   * @param {Request} request
+   *
+   * @returns {Object}
+   */
+  getUser (request) {
+    if (request.context && request.context.user) {
+      return request.context.user;
+    }
+
+    return null;
+  }
+
   getSearchParams (request) {
     const
       from = this.getInteger(request, 'from', 0),

lib/api/controllers/security.js

@@ -305,6 +305,7 @@ class SecurityController extends NativeController {
       description,
       { apiKeyId, creatorId, refresh });
 
+    this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${userId}."`);
     return apiKey.serialize({ includeToken: true });
   }
 
@@ -536,7 +537,10 @@ class SecurityController extends NativeController {
         refresh: getRefresh(request)
       }
     )
-      .then(role => formatProcessing.serializeRole(role));
+      .then(role => {
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on role "${role._id}."`);
+        return formatProcessing.serializeRole(role);
+      });
   }
 
   /**
@@ -559,7 +563,10 @@ class SecurityController extends NativeController {
         refresh: getRefresh(request)
       }
     )
-      .then(role => formatProcessing.serializeRole(role));
+      .then(role => {
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on role "${role._id}."`);
+        return formatProcessing.serializeRole(role);
+      });
   }
 
   /**
@@ -574,7 +581,11 @@ class SecurityController extends NativeController {
     const options = { refresh: getRefresh(request) };
 
     return this.kuzzle.repositories.role.load(request.input.resource._id)
-      .then(role => this.kuzzle.repositories.role.delete(role, options));
+      .then(role =>
+      {
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action} on role "${role._id}."`);
+        return this.kuzzle.repositories.role.delete(role, options);
+      });
   }
 
   /**
@@ -643,7 +654,9 @@ class SecurityController extends NativeController {
         refresh: getRefresh(request)
       }
     )
-      .then(profile => formatProcessing.serializeProfile(profile)
+      .then(profile => {
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on profile "${profile._id}."`);
+        return formatProcessing.serializeProfile(profile);}
       );
   }
 
@@ -668,8 +681,10 @@ class SecurityController extends NativeController {
         refresh: getRefresh(request)
       }
     )
-      .then(profile => formatProcessing.serializeProfile(profile)
-      );
+      .then(profile => {
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on profile "${profile._id}."`);
+        return formatProcessing.serializeProfile(profile);
+      });
   }
 
   /**
@@ -684,7 +699,10 @@ class SecurityController extends NativeController {
     const options = { refresh: getRefresh(request) };
 
     return this.kuzzle.repositories.profile.load(request.input.resource._id)
-      .then(profile => this.kuzzle.repositories.profile.delete(profile, options));
+      .then(profile => {
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on profile "${profile._id}."`);
+        return this.kuzzle.repositories.profile.delete(profile, options);
+      });
   }
 
   /**
@@ -854,6 +872,7 @@ class SecurityController extends NativeController {
 
     await this.kuzzle.repositories.user.delete(user, options);
 
+    this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${userId}."`);
     return {
       _id: userId
     };
@@ -880,6 +899,7 @@ class SecurityController extends NativeController {
     const pojoUser = request.input.body.content;
     pojoUser._id = request.input.resource._id || uuid();
 
+    this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${pojoUser._id}."`);
     return persistUser(this.kuzzle, request, pojoUser);
   }
 
@@ -905,6 +925,7 @@ class SecurityController extends NativeController {
 
     pojoUser.profileIds = this.kuzzle.config.security.restrictedProfileIds;
 
+    this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${pojoUser._id}."`);
     return persistUser(this.kuzzle, request, pojoUser);
   }
 
@@ -937,7 +958,10 @@ class SecurityController extends NativeController {
           Object.assign(currentUserPojo, pojo));
       })
       .then(user => this.kuzzle.repositories.user.persist(user, options))
-      .then(updatedUser => formatProcessing.serializeUser(updatedUser));
+      .then(updatedUser => {
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${updatedUser._id}."`);
+        return formatProcessing.serializeUser(updatedUser);
+      });
   }
 
   /**
@@ -986,6 +1010,7 @@ class SecurityController extends NativeController {
         updatedUser,
         options);
 
+    this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${createdUser._id}."`);
     return formatProcessing.serializeUser(createdUser);
   }
 
@@ -1010,7 +1035,10 @@ class SecurityController extends NativeController {
       .then(profile => this.kuzzle.repositories.profile.validateAndSaveProfile(
         _.extend(profile, request.input.body),
         options))
-      .then(updatedProfile => formatProcessing.serializeProfile(updatedProfile));
+      .then(updatedProfile => {
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on profile "${updatedProfile._id}."`);
+        return formatProcessing.serializeProfile(updatedProfile);
+      });
   }
 
   /**
@@ -1035,7 +1063,10 @@ class SecurityController extends NativeController {
       .then(role => this.kuzzle.repositories.role.validateAndSaveRole(
         _.extend(role, request.input.body),
         options))
-      .then(updatedRole => formatProcessing.serializeRole(updatedRole));
+      .then(updatedRole => {
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on role "${updatedRole._id}."`);
+        return formatProcessing.serializeRole(updatedRole);
+      });
   }
 
   /**
@@ -1075,6 +1106,7 @@ class SecurityController extends NativeController {
             .then(() => response);
         }
 
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}".`);
         return response;
       });
   }
@@ -1179,6 +1211,7 @@ class SecurityController extends NativeController {
           strategy,
           'create');
 
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${id}."`);
         return createMethod(request, request.input.body, id, strategy);
       });
   }
@@ -1214,6 +1247,7 @@ class SecurityController extends NativeController {
           strategy,
           'update');
 
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${id}."`);
         return updateMethod(request, request.input.body, id, strategy);
       });
   }
@@ -1273,7 +1307,10 @@ class SecurityController extends NativeController {
       'delete');
 
     return deleteMethod(request, request.input.resource._id, request.input.args.strategy)
-      .then(() => ({acknowledged: true}));
+      .then(() => {
+        this.kuzzle.log.info(`[SECURITY] User "${this.getUserId(request)}" applied action "${request.input.action}" on user "${request.input.resource._id}."`);
+        return {acknowledged: true};
+      });
   }
 
   /**
@@ -1468,6 +1505,16 @@ function mDelete (kuzzle, type, request) {
           errorsManager.get('services', 'storage', 'incomplete_delete', errors));
       }
 
+      const userId = request.context && request.context.user && request.context.user._id
+        ? request.context.user._id
+        : null;
+
+      if (ids.length > 1000) {
+        kuzzle.log.info(`[SECURITY] User "${userId}" deleted the following ${type}s ${ids.slice(0, 1000).join(', ')}... (${ids.length - 1000} more users deleted)."`);
+      }
+      else {
+        kuzzle.log.info(`[SECURITY] User "${userId}" deleted the following ${type}s ${ids.join(', ')}."`);
+      }
       return ids;
     });
 }

lib/api/funnel.js

@@ -673,7 +673,8 @@ class Funnel {
     if (asError) {
       callback(error, request);
       this.handleErrorDump(error);
-    } else {
+    }
+    else {
       callback(null, request);
     }
 
@@ -698,20 +699,22 @@ class Funnel {
         if (this[cachedItem.executor](cachedItem.request, cachedItem.callback) === -1) {
           // no slot found again. We stop here and try next time
           break;
-        } else {
+        }
+        else {
           this.requestsCacheQueue.shift();
         }
       }
     }
 
     if (this.requestsCacheQueue.length > 0) {
       setTimeout(() => this._playCachedRequests(), 0);
-    } else {
+    }
+    else {
       const now = Date.now();
       // No request remaining in cache => stop the background task and return to normal behavior
       this.overloaded = false;
 
-      if (this.overloadWarned
+      if ( this.overloadWarned
         && (this.lastOverloadTime === 0 || this.lastOverloadTime < now - 500)
       ) {
         this.overloadWarned = false;

lib/core/janitor.js

@@ -50,18 +50,18 @@ class Janitor {
    * @param {object} securities
    * @returns {Promise}
    */
-  async loadSecurities (securities = {}) {
+  async loadSecurities (securities = {}, user = null) {
     assertIsObject(securities);
-    await this._createSecurity('createOrReplaceRole', securities.roles);
-    await this._createSecurity('createOrReplaceProfile', securities.profiles);
-    await this._deleteUsers(securities.users);
-    await this._createSecurity('createUser', securities.users);
+    await this._createSecurity('createOrReplaceRole', securities.roles, user);
+    await this._createSecurity('createOrReplaceProfile', securities.profiles, user);
+    await this._deleteUsers(securities.users, user);
+    await this._createSecurity('createUser', securities.users, user);
   }
 
   /**
    * Load database fixtures into Kuzzle
    *
-   * @param {String} fixtures
+   * @param {String} fixturesId
    * @returns {Promise}
    */
   loadFixtures (fixtures = {}) {
@@ -354,14 +354,15 @@ class Janitor {
     }
   }
 
-  _createSecurity (action, objects) {
+  _createSecurity (action, objects, user) {
     if (! objects) {
       return Bluebird.resolve();
     }
 
     try {
       assertIsObject(objects);
-    } catch (e) {
+    }
+    catch (e) {
       return Bluebird.reject(e);
     }
 
@@ -374,13 +375,13 @@ class Janitor {
         body: objects[_id],
         controller: 'security',
         refresh: 'wait_for'
-      });
+      }, { user });
 
       return this.kuzzle.funnel.processRequest(request);
     });
   }
 
-  async _deleteUsers (users) {
+  async _deleteUsers (users, user) {
     if (! users) {
       return;
     }
@@ -392,7 +393,7 @@ class Janitor {
         body: { ids },
         controller: 'security',
         refresh: 'wait_for'
-      });
+      }, { user });
 
     try {
       await this.kuzzle.funnel.processRequest(request);

test/api/controllers/admin.test.js

@@ -23,7 +23,7 @@ describe('AdminController', () => {
 
     adminController = new AdminController(kuzzle);
 
-    request = new Request({ controller: 'admin' });
+    request = new Request({ controller: 'admin' }, {user: {_id: 'test-user'}});
 
     request.input.args.refresh = 'wait_for';
   });
@@ -234,14 +234,15 @@ describe('AdminController', () => {
     beforeEach(() => {
       request.input.action = 'loadSecurities';
       request.input.body = { gordon: { freeman: [] } };
+      request.context.user = {_id: 'test-user'};
     });
 
     it('should call Janitor.loadSecurities', () => {
       return adminController.loadSecurities(request)
         .then(() => {
           should(kuzzle.janitor.loadSecurities)
             .be.calledOnce()
-            .be.calledWith({ gordon: { freeman: [] } });
+            .be.calledWith({ gordon: { freeman: [] } }, {user: { _id: 'test-user'}} );
         });
     });
   });

test/api/controllers/security/createFirstAdmin.test.js

@@ -63,7 +63,7 @@ describe('Test: security controller - createFirstAdmin', () => {
         action: 'createFirstAdmin',
         _id: 'toto',
         body: {content: {password: 'pwd'}}
-      }))
+      }, { user: { _id: 'User' } }))
         .then(() => {
           should(createUser).be.calledOnce();
           should(createUser.firstCall.args[0]).be.instanceOf(Request);